<?php

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
#	FILE:			includes/custom/adminuserpassword.php
#	FUNCTION:		Custom handler for the Admin Change Password page
#	AUTHOR:			Cameron Morrow
#	CREATED:		09/09/2005
#
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

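# Get details
# The account whose password is changed is always the logged-in one reported
# by $USER; no user id is read from the request.
$user_id = $USER -> getID();

# Check if form submitted (same truthiness test as before, without @ suppression)
if (!empty($_POST["currentpassword"])) {

	# Get current password, new password and new password confirmation.
	# A field that is missing, empty or not a plain string (for example an array
	# sent as newpassword[]=x) becomes "" so it never reaches strtolower().
	$current_password = is_string($_POST["currentpassword"]) ? $_POST["currentpassword"] : "";
	$new_password = (!empty($_POST["newpassword"]) && is_string($_POST["newpassword"])) ? $_POST["newpassword"] : "";
	$new_password_conf = (!empty($_POST["newpasswordconf"]) && is_string($_POST["newpasswordconf"])) ? $_POST["newpasswordconf"] : "";

	# Strip bad chars
	# NOTE(review): passwords are lower-cased and filtered with the same
	# whitelist as ids, which shrinks the usable password space. It is kept
	# as-is because the login check presumably normalises the same way --
	# confirm, and relax both together.
	$user_id = removeInvalidChars(strtolower($user_id), $VALID_CHAR_LIST["ids"]);
	$current_password = (string) removeInvalidChars(strtolower($current_password), $VALID_CHAR_LIST["ids"]);
	$new_password = (string) removeInvalidChars(strtolower($new_password), $VALID_CHAR_LIST["ids"]);
	$new_password_conf = (string) removeInvalidChars(strtolower($new_password_conf), $VALID_CHAR_LIST["ids"]);

	if ($new_password !== $new_password_conf) {

		# Strict comparison: with == two different numeric-looking strings
		# (e.g. "1e3" and "1000") would count as matching.
		addMessage("<p>The new passwords do not match. Please enter them again.</p>", 3);

	} elseif ($new_password === "") {

		# Without this check a blank new password (or one made only of stripped
		# characters) would be stored as md5("").
		# NOTE(review): level 3 copies the mismatch message above; confirm it
		# is the right message level.
		addMessage("<p>The new password is empty or contains no valid characters. Please enter a different password.</p>", 3);

	} else {

		# Check password
		# NOTE(review): the query is built by concatenation. $user_id is only
		# protected by the whitelist filter above; use a parameterised query
		# if the database layer offers one.
		$current_data = getRecord("SELECT u_password FROM " . $PROJECT_DB_TABLES["users"] . " WHERE u_id = '" . $user_id . "'");

		# If data found. is_array() guards against getRecord() returning a
		# non-array on failure (its return type is not visible here).
		if (is_array($current_data) && count($current_data) === 1) {

			# Stored password (in MD5)
			# NOTE(review): unsalted MD5 is not a suitable password hash.
			# Moving to password_hash()/password_verify() needs a matching
			# change in the login check and a wider u_password column, so it
			# is only flagged here.
			$stored_password = (string) $current_data[0]["u_password"];

			# If they match. Strict comparison avoids PHP treating two
			# different "0e..."-style hex digests as equal numbers;
			# hash_equals() is preferable where PHP >= 5.6 is guaranteed.
			if (md5($current_password) === $stored_password) {

				# SQL -- md5() output is hex only, $user_id was filtered above
				$sql = "UPDATE " . $PROJECT_DB_TABLES["users"] . " SET u_password = '" . md5($new_password) . "' WHERE u_id = '" . $user_id . "' LIMIT 1";

				# Attempt to update
				if (executeSQLQuery($sql)) {
					addMessage("<p>OK, new password has been set successfully.</p>");

					# Log
					addLog($USER -> getID(), 6);

				} else {
					addMessage("<p>An error occured and the user's password could not be updated. Please try updating again.</p>", 2);
				}

			} else {

				# NOTE(review): only successful changes are logged; consider
				# logging failed current-password checks as well.
				addMessage("<p>Sorry, the current password you supplied does not match. Please enter it again.</p>", 2);
			}

		} else {

			# Error -- the id is HTML-escaped before being echoed back
			addError("<p>Sorry, an error occured and data for <em>" . htmlspecialchars((string) $user_id, ENT_QUOTES) . "</em> could not be found.</p>", 2);
		}
	}

}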

# Output
# Render the change-password form, or an error notice when no user id is
# available ($user_id is set from $USER -> getID() earlier in this file).
if (!$user_id) {

	addContent("<h2>Invalid Link</h2>");

	addContent("<p>Sorry, a username was not provided to the page. Looks like an error of some kind occured.</p>");

} else {

	# Header, form and table openers
	# NOTE(review): $PAGE_ID is written into the action attribute unescaped;
	# confirm it is a fixed, server-defined page name and never taken from
	# the request.
	$form_parts = array(
		'<h2>Enter your current and new password:</h2>',
		'<form name="passwordform" id="passwordform" action="' . $PAGE_ID . '.php" method="post">',
		'<table class="inputtable" cellspacing="0">',
	);

	# One row per password field (field id => label). Every field is emitted
	# with value="" so a submitted password is never echoed back into the page.
	$password_fields = array(
		'currentpassword' => 'Current Password:',
		'newpassword'     => 'New Password:',
		'newpasswordconf' => 'Confirm New Password:',
	);

	foreach ($password_fields as $field_id => $label_text) {
		$form_parts[] = '<tr><td><label for="' . $field_id . '">' . $label_text . '</label></td>'
			. '<td><input type="password" name="' . $field_id . '" id="' . $field_id . '" value="" /></td></tr>';
	}

	# Submit
	$form_parts[] = '<tr><td colspan="2" style="text-align: right;"><input type="button" onclick="closeWindow();" value="Close" /> <input class="savebutton" type="submit" value="Change Password" /></td></tr>';

	# Close table, end form
	$form_parts[] = '</table>';
	$form_parts[] = '</form>';

	# Add Content
	$output = implode('', $form_parts);
	addContent($output);
}

?>